
Configuring network transport encryption with Oracle sqlnet

 

1. Check the installed encryption components

[oracle@yuntestdb ~]$ adapters

Installed Oracle Net transport protocols are:

    IPC
    BEQ
    TCP/IP
    SSL
    RAW
    SDP/IB

Installed Oracle Net naming methods are:

    Local Naming (tnsnames.ora)
    Oracle Directory Naming
    Oracle Host Naming
    Oracle Names Server Naming

Installed Oracle Advanced Security options are:

    RC4 40-bit encryption
    RC4 56-bit encryption
    RC4 128-bit encryption
    RC4 256-bit encryption
    DES40 40-bit encryption
    DES 56-bit encryption
    3DES 112-bit encryption
    3DES 168-bit encryption
    AES 128-bit encryption
    AES 192-bit encryption
    AES 256-bit encryption
    MD5 crypto-checksumming
    SHA-1 crypto-checksumming
    Kerberos v5 authentication
    RADIUS authentication

2. Configure network encryption. Only the server side needs to be configured; the client default setting is ACCEPTED.

SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)

3. To check whether the encryption setting takes effect, see the official documentation:
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599

Client Setting    Server Setting    Encryption and Data Negotiation
REJECTED          REJECTED          OFF
ACCEPTED          REJECTED          OFF
REQUESTED         REJECTED          OFF
REQUIRED          REJECTED          Connection fails
REJECTED          ACCEPTED          OFF
ACCEPTED          ACCEPTED          OFF
REQUESTED         ACCEPTED          ON
REQUIRED          ACCEPTED          ON
REJECTED          REQUESTED         OFF
ACCEPTED          REQUESTED         ON
REQUESTED         REQUESTED         ON
REQUIRED          REQUESTED         ON
REJECTED          REQUIRED          Connection fails
ACCEPTED          REQUIRED          ON
REQUESTED         REQUIRED          ON
REQUIRED          REQUIRED          ON

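After changing sqlnet.ora there is no need to restart the listener.
To verify that traffic is encrypted you can trace sqlnet. Before the test, add the following lines to sqlnet.ora, and remove them when you are done.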

#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/oracle/app/oracle/product/11.2.0/db_1/network/admin
trace_directory_client=/oracle/app/oracle/product/11.2.0/db_1/network/admin
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true
diag_adr_enabled = off

Verification

[oracle@yuntestdb admin]$ cat srv_24360.trc |grep "encryption is active"
[29-JUL-2020 16:26:23:709] na_tns: 	encryption is active, using RC4_256
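
The following Python sketch is an added example, not part of the original post: it applies the step 3 negotiation table to a server-side sqlnet.ora to list which client settings would still get an unencrypted session, flags trace parameters left enabled after the test, and pulls the algorithm out of the "encryption is active" trace line. It assumes single-line parameters and that an unset SQLNET.ENCRYPTION_SERVER behaves as ACCEPTED; the function names and sample input are constructed for illustration.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
TRACE_KEYS = ("TRACE_LEVEL_SERVER", "TRACE_LEVEL_CLIENT")

def negotiate(client, server):
    """Outcome for one client/server pair, following the negotiation table."""
    pair = {client.upper(), server.upper()}
    if pair == {"REJECTED", "REQUIRED"}:
        return "Connection fails"
    return "OFF" if "REJECTED" in pair or pair == {"ACCEPTED"} else "ON"

def parse_sqlnet(text):
    """Parse single-line KEY = value entries; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            params[key.strip().upper()] = value.strip(" ()\t")
    return params

def audit(sqlnet_text):
    """Findings for the server side of a sqlnet.ora (unset server = ACCEPTED)."""
    p = parse_sqlnet(sqlnet_text)
    server = p.get("SQLNET.ENCRYPTION_SERVER", "ACCEPTED").upper()
    findings = []
    cleartext = [c for c in LEVELS if negotiate(c, server) == "OFF"]
    if cleartext:
        findings.append(f"server={server}: unencrypted sessions possible "
                        f"for clients set to {'/'.join(cleartext)}")
    leftover = [k for k in TRACE_KEYS if p.get(k, "0").upper() not in ("0", "OFF")]
    if leftover:
        findings.append("trace still enabled: " + ", ".join(leftover))
    return findings

def active_algorithm(trace_text):
    """Algorithm named in an 'encryption is active' trace line, else None."""
    m = re.search(r"encryption is active, using (\w+)", trace_text)
    return m.group(1) if m else None

# Constructed sample input, modelled on the settings and trace line on this page.
SAMPLE_SQLNET = """SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
trace_level_server=16
"""
SAMPLE_TRACE = "[29-JUL-2020 16:26:23:709] na_tns: \tencryption is active, using RC4_256"

if __name__ == "__main__":
    print(audit(SAMPLE_SQLNET), active_algorithm(SAMPLE_TRACE))
```

With the server set to requested, a client configured as REJECTED still connects without encryption; only a server value of required removes every OFF outcome from the table.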

After encryption is enabled, the packets get larger.

For the performance impact of encryption and decryption, see http://www.orafaq.com/wiki/Network_Encryption

Algorithm    None                 MD5                  SHA-1
             Time       %None     Time       %None     Time       %None
None         79.6 s               80.5 s     101%      82.4 s     104%
DES          104.7 s    132%      107.1 s    135%      108.2 s    136%
3DES168      151.8 s    191%      153.9 s    193%      155.6 s    196%
AES128       88.8 s     112%      90.5 s     114%      92.1 s     116%
AES256       91.8 s     115%      93.5 s     117%      94.2 s     118%
RC4_128      81.6 s     103%      82.5 s     104%      85.0 s     107%
RC4_256      81.7 s     103%      82.8 s     104%      85.0 s     107%
